The EU GDPR is the most significant overhaul of data protection law to date, intended to strengthen and unify data protection for all individuals within the European Union. It comes into effect on May 25, 2018.

It requires businesses to set up procedures for regularly testing, assessing and evaluating the effectiveness of their technical and organizational security measures, in order to ensure the “security of processing”.

Most organizations set up a team that keeps data and systems secure by putting appropriate physical and logical controls in place, protecting the network and host layers, and performing fundamental security validation tests. However, these controls often fail to secure systems and data because the processes for measuring and inspecting them are inadequate. This can lead to major financial and reputational impact on the organization.

Recent attacks such as the WannaCry and Petya ransomware are examples of major information security incidents that call into question the GDPR readiness of organizations. Organizations need to put appropriate security measures in place to prevent unlawful and unauthorized processing of personal data, which could lead to accidental loss or deliberate destruction of that data. Failure to comply with GDPR could result in fines of up to 4% of global annual turnover for the preceding financial year.

To ensure data security, GDPR will require organizations to address the following key areas:

Data loss protection

Data breach identification and notification

Data discovery, cataloging and classification

Cloud storage and sharing services

Pseudonymisation

Encryption of personal data at rest and in transit

Regular security testing

Cyber Security Role:
Safeguarding the ongoing confidentiality, integrity, availability and resilience of processing systems and services is a requirement of the GDPR. This can be achieved with the help of skilled data protection consultants.

Moreover, organizations need to look for Cyber Security Incident Response Services that can help in the event of an incident: restoring the availability of, and access to, personal data in a timely manner, and tracking down the likely cause of the breach.
Additionally, organizations need to invest in Cyber Security Incident Response Services that help to identify any incident which could lead to data loss or a data breach. These services act as a proactive monitoring mechanism and support data recovery by providing insights and adequate information from the incident log.

In order to validate the effectiveness of the controls implemented at the various data entry and exit points, a risk-based approach needs to be adopted. Cybersecurity consultants can help organizations adopt this approach and validate database security, OS/host security, application security, network security and perimeter security, by providing advisory and risk validation services. Such tests need to be performed at regular intervals to ensure data security and meet GDPR compliance needs.

In 2018, GDPR compliance will be the key!

Blogger's Profile

Pradeep Mahangare

Project Manager – Assurance Services

Pradeep is an Information Security professional with 11+ years of experience in Information Security, specializing in technology risk assessment and security testing. He has executed 150+ security engagements for both domestic and international customers from various domains, including Banking, Insurance, Manufacturing, M&E, Healthcare and Energy. Pradeep currently manages the Security Assurance Practice at LTI, providing security solutions, risk assessment and tracking support to meet the business and compliance requirements of customers. His views on the need for cybersecurity in GDPR compliance are based on his experience working with various industries and the compliance standards (PCI DSS, ISO 27001) followed during customer projects.